Upstream information
Description
The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack.
NVD CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Novell/SUSE information
Note from the SUSE Security Team
This issue does affect openssl on SUSE Linux Enterprise 11 and later. It will not affect SSL and TLS connections, as these usually do not use these methods to process messages. Please also read the upstream advisory.
Novell Bugzilla entries: 749210, 749735, 751977, 754640, 761819
SUSE Security Advisories:
- openSUSE-SU-2012:0547-1, published Mon, 23 Apr 2012 11:08:34 +0200 (CEST)
- openSUSE-SU-2013:0336-1, published Mon, 25 Feb 2013 11:04:39 +0100 (CET)
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|---|---|
| SLE 11 SP1 DEBUGINFO | | Builds SAT Patch Nr: 6054 |
| SUSE Linux Enterprise Software Development Kit 11 SP1, SUSE Linux Enterprise Software Development Kit 11 SP2 | | Builds SAT Patch Nr: 6054 |
| SUSE Linux Enterprise Desktop 11 SP1, SUSE Linux Enterprise Desktop 11 SP2 | | Builds SAT Patch Nr: 6054 |
| SUSE Linux Enterprise Desktop 11 SP1, SUSE Linux Enterprise Desktop 11 SP2 | | Builds SAT Patch Nr: 6054 |
| SUSE Linux Enterprise Server 11 SP1, SUSE Linux Enterprise Server 11 SP1 for VMware, SUSE Linux Enterprise Server 11 SP2 | | Builds SAT Patch Nr: 6054 |
| SUSE Linux Enterprise Server 11 SP1, SUSE Linux Enterprise Server 11 SP2 | | Builds SAT Patch Nr: 6054 |
| SUSE Linux Enterprise Server 11 SP1, SUSE Linux Enterprise Server 11 SP1 for VMware, SUSE Linux Enterprise Server 11 SP2 | | Builds SAT Patch Nr: 6054 |
